Did you check this post: Re: AEM SAML integration - logout doesn't go to IDP logout URL?
What happens here is that when the logout happens, if we configure the root path ("/"), it works because the /system/sling/logout servlet redirects the response to "/" after logout, which is then handled by the SAML Auth Handler.
However, when the SAML Auth Handler is not configured with "/", it will no longer get invoked, because the /system/sling/logout servlet still redirects the response to "/" and SAML is not invoked.
Solution: AuthUtil.setLoginResourceAttribute(request, "/path-configured-in-saml-config").
OR
Create an overlay for the JSP at:
/libs/cq/core/components/login/logout.jsp
In this JSP change the line below:
window.location.href = "<%= request.getContextPath() %>/system/sling/logout.html";
to
window.location.href = "<%= request.getContextPath() %>/system/sling/logout.html?resource=<the path you configured in the SAML config handler>";
This should convince the method at https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.auth.core-1.0.6/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java to set the resource path instead of setting the value to "/":
// find the redirect target from the resource attribute or parameter
// falling back to the request context path (or /) if not set
String target = AbstractAuthenticationHandler.getLoginResource(request,
    request.getContextPath());
if (target.length() == 0) {
    target = "/";
}
~kautuk
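
The behaviour described in the reply above, as an added stand-alone Java model (not part of the original post, and not Sling or AEM code). It assumes a hypothetical SAML handler path `/content/mysite`, an empty context path, and a simple path-prefix match for deciding whether the handler sees the post-logout request.

```java
// Added illustration: models the redirect-target fallback quoted above and
// shows which combinations let the SAML handler see the post-logout request.
public class LogoutRedirectModel {

    // Hypothetical path configured in the SAML Authentication Handler.
    static final String SAML_HANDLER_PATH = "/content/mysite";

    // Same order as the quoted snippet: "resource" attribute, then "resource"
    // parameter, then the context path, and finally "/" if that is empty.
    static String redirectTarget(String attr, String param, String contextPath) {
        String target = contextPath;
        if (attr != null && !attr.isEmpty()) {
            target = attr;
        } else if (param != null && !param.isEmpty()) {
            target = param;
        }
        if (target.length() == 0) {
            target = "/";
        }
        return target;
    }

    // Simplifying assumption: a handler only takes part in requests at or
    // below the path it is configured for.
    static boolean samlHandlerInvoked(String handlerPath, String requestPath) {
        if (handlerPath.equals("/")) {
            return true;
        }
        return requestPath.equals(handlerPath)
                || requestPath.startsWith(handlerPath + "/");
    }

    public static void main(String[] args) {
        String ctx = ""; // assumed: AEM deployed at the root context
        String[][] cases = {
            // handler path, resource attribute, resource parameter
            {"/", null, null},                              // handler on root path
            {SAML_HANDLER_PATH, null, null},                // sub-path, nothing set
            {SAML_HANDLER_PATH, null, SAML_HANDLER_PATH},   // ?resource= in logout.jsp
            {SAML_HANDLER_PATH, SAML_HANDLER_PATH, null},   // setLoginResourceAttribute
        };
        for (String[] c : cases) {
            String target = redirectTarget(c[1], c[2], ctx);
            System.out.printf("handler=%-16s attr=%-16s param=%-16s -> redirect=%-16s saml=%b%n",
                    c[0], c[1], c[2], target, samlHandlerInvoked(c[0], target));
        }
    }
}
```

Only the second case redirects to "/" while the handler sits on a sub-path, which is the situation where the IDP logout is never reached.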